CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 1CVE-2022-31691
https://notcve.org/view.php?id=CVE-2022-31691
Spring Tools 4 for Eclipse version 4.16.0 and below as well as VSCode extensions such as Spring Boot Tools, Concourse CI Pipeline Editor, Bosh Editor and Cloudfoundry Manifest YML Support version 1.39.0 and below all use Snakeyaml library for YAML editing support. This library allows for some special syntax in the YAML that under certain circumstances allows for potentially harmful remote code execution by the attacker. Spring Tools 4 para Eclipse versión 4.16.0 y siguientes, así como extensiones VSCode como Spring Boot Tools, Concourse CI Pipeline Editor, Bosh Editor y Cloudfoundry Manifest YML Support versión 1.39.0 y siguientes utilizan la librería Snakeyaml para admitir la edición YAML. Esta librería permite una sintaxis especial en YAML que, en determinadas circunstancias, permite que el atacante ejecute código remoto potencialmente dañino. • https://github.com/SpindleSec/CVE-2022-31691 https://tanzu.vmware.com/security/cve-2022-31691 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-27772
https://notcve.org/view.php?id=CVE-2022-27772
spring-boot versions prior to version v2.2.11.RELEASE was vulnerable to temporary directory hijacking. This vulnerability impacted the org.springframework.boot.web.server.AbstractConfigurableWebServerFactory.createTempDir method. NOTE: This vulnerability only affects products and/or versions that are no longer supported by the maintainer spring-boot versiones anteriores a v2.2.11.RELEASE eran vulnerables a un secuestro de directorios temporales. Esta vulnerabilidad afectaba al método org.springframework.boot.web.server.AbstractConfigurableWebServerFactory.createTempDir. NOTA: Esta vulnerabilidad sólo afecta a productos y/o versiones que ya no son soportadas por el mantenedor • https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-cm59-pr5q-cw85 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-26987
https://notcve.org/view.php?id=CVE-2021-26987
Element Plug-in for vCenter Server incorporates SpringBoot Framework. SpringBoot Framework versions prior to 1.3.2 are susceptible to a vulnerability which when successfully exploited could lead to Remote Code Execution. All versions of Element Plug-in for vCenter Server, Management Services versions prior to 2.17.56 and Management Node versions through 12.2 contain vulnerable versions of SpringBoot Framework. Element Plug-in para vCenter Server incorpora SpringBoot Framework. Las versiones de SpringBoot Framework anteriores a 1.3.2 son susceptibles a una vulnerabilidad que, cuando es explotada con éxito, podría conllevar a una ejecución de código remota. • https://security.netapp.com/advisory/ntap-20210315-0001 •
CVSS: 5.9EPSS: 0%CPEs: 8EXPL: 0CVE-2018-1196
https://notcve.org/view.php?id=CVE-2018-1196
Spring Boot supports an embedded launch script that can be used to easily run the application as a systemd or init.d linux service. The script included with Spring Boot 1.5.9 and earlier and 2.0.0.M1 through 2.0.0.M7 is susceptible to a symlink attack which allows the "run_user" to overwrite and take ownership of any file on the same system. In order to instigate the attack, the application must be installed as a service and the "run_user" requires shell access to the server. Spring Boot application that are not installed as a service, or are not using the embedded launch script are not susceptible. Spring Boot soporta un script de inicio embebido que puede emplearse para ejecuta fácilmente la aplicación como servicio de linux systemd o init.d. • https://pivotal.io/security/cve-2018-1196 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 10.0EPSS: 49%CPEs: 15EXPL: 5CVE-2017-8046 – Spring Data REST < 2.6.9 (Ingalls SR9) / 3.0.1 (Kay SR1) - PATCH Request Remote Code Execution
https://notcve.org/view.php?id=CVE-2017-8046
Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code. Las peticiones PATCH maliciosas enviadas a servidores que utilizan versiones Spring Data REST anteriores a la 2.6.9 (Ingalls SR9), versiones anteriores a la 3.0.1 (Kay SR1) y versiones Spring Boot anteriores a la 1.5.9, 2.0 M6 pueden utilizar datos JSON especialmente diseñados para ejecutar código Java arbitrario. Spring Data REST versions prior to 2.6.9 (Ingalls SR9) and 3.0.1 (Kay SR1) suffer from a PATCH request remote code execution vulnerability. • https://www.exploit-db.com/exploits/44289 https://github.com/Soontao/CVE-2017-8046-DEMO https://github.com/guanjivip/CVE-2017-8046 https://github.com/bkhablenko/CVE-2017-8046 https://github.com/sj/spring-data-rest-CVE-2017-8046 http://www.securityfocus.com/bid/100948 https://access.redhat.com/errata/RHSA-2018:2405 https://pivotal.io/security/cve-2017-8046 https://access.redhat.com/security/cve/CVE-2017-8046 https://bugzilla.redhat.com/show_bug.cgi?id=1553024 • CWE-20: Improper Input Validation •